All Apps and Add-ons

ScriptRunner - "Couldn't start child process" error when trying to execute a custom alert action script?

TimEek
Path Finder

As the title suggests, Im getting the following error when trying to execute a custom alert action script.

The script is quite simple. Its a shell script that basically looks like this:

#!/bin/bash
if [[ "$1" == "--execute" ]]; then
https_proxy=proxyname:port curl --header "content-type: text/soap+xml; charset=UTF-8" --data @alertBody.xml https://url/api
fi

If I execute this through the command line using: sh alert.sh --execute, it works perfectly. But I get the above error instead. It references the script in the following way:

ERROR ScriptRunner - Couldn't start child process. script="/opt/splunk/etc/apps/alert_app/bin/alert.sh --execute"

I am not trying to give arguments to the script. It's a simple script that posts to an API with predetermined text that's always the same in the xml body. My alert actions looks as follows:

[alert]
is_custom=1
label=alertTest
icon_path=logevent.png
disabled=0

Adding some fields didn't help, but maybe someone can help me find which ones are mandatory? I copied the png from another alerting app and placed it in the same folder.

 

Labels (2)
Tags (1)
0 Karma
1 Solution

TimEek
Path Finder

In case anyone finds this in the future.. Problems are usually easier to solve than you think. I discovered that the permissions for my linux systems were out of wack, so chmod 700 on the script was enough to get me through this step. Good luck to anyone else!

View solution in original post

_smp_
Builder

I was getting this error from a scripted input after upgrading from 8.2.10 to 9.0.6, and resolved it by removing python.version = python2 from the restmap.conf file that someone had manually added.

Tags (1)
0 Karma

TimEek
Path Finder

In case anyone finds this in the future.. Problems are usually easier to solve than you think. I discovered that the permissions for my linux systems were out of wack, so chmod 700 on the script was enough to get me through this step. Good luck to anyone else!

alexis
Explorer

good job. thanks

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...